Warning: Internet Explorer Zero Day CVE-2014-1776

A new zero day vulnerability that allows for remote execution of malicious code through Internet Explorer 6-11 is currently being exploited in the wild. Infection can occur simply by browsing to a malicious website.

How to Stay Protected

Zero day CVE-2014-1776 currently affects Internet Explorer, versions 6-11. Over 26% of Internet users utilize one of these browsers. If this includes you, your computer is vulnerable to remote execution of malicious code. Microsoft has yet to release an official fix for CVE-2014-1776, but if you are affected there are still a number of things you can do.

Use Internet security software that protects your computer from malicious websites, such as the Emsisoft Internet Security pack.

Any one of these actions will protect you from becoming the victim of a zero day attack.

Details About this Threat

Microsoft released an official statement on CVE-2014-1776 this Sunday. The statement contains detailed threat mitigation steps and also acknowledges researchers at FireEye for discovering the vulnerability’s use in active, in-the-wild, targeted attacks against users running IE 9-11.

Research indicates that CVE-2014-1776, otherwise known as “Operation Clandestine Fox,” utilizes vector markup language in Adobe Flash to bypass address space layout randomization (ASLR) and data execution prevention (DEP) in order to allow attackers to infect their targets with malware. ASLR and DEP are specifically included in Internet Explorer as security measures; however, this is not the first time they have been bypassed via Flash. In fact, the technique was recently used in a February zero day known as Operation GreedyWonk.

Additionally, research indicates that Operation Clandestine Fox is part of a larger malware campaign instigated by what is called an Advanced Persistent Threat group, or an APT. APTs use malware to specifically target governments or financial institutions. As yet, Clandestine Fox has only been observed in a few targeted attacks against such targets; however, in the coming days copycat campaigns against everyday Internet users are likely to emerge. For this reason, Emsisoft recommends taking one of the above-listed steps immediately to stay protected. Users who require help are encouraged to contact our experts at Emsisoft Support for free technical assistance.

Users running Windows XP should also note that this is the first major vulnerability to affect the operating system that will never be patched.

The Enhanced Protection Mode is a great improvement in Internet Explorer version 10 or 11. As said, it helps prevent attackers from installing and modifying system settings if they, the malware creators, manage to run exploit code in your browser.
To turn on EPM, go to Internet settings in the browser. Then go to the Advanced tab, check the Enable Enhanced Protected Mode box under Security, and restart the browser. To turn it off, you only have to uncheck the box and restart the browser again.